Identity Is the New Perimeter. Here’s How Businesses Are Adapting

Here’s something you’ve probably heard before: “The firewall-defined boundary that used to confine an organization’s IT assets and users has dissolved; identity has emerged as the new perimeter.”

That’s the first line of Quocirca Research’s report Getting To Know You – Building Online Relationships With Effective Identity and Access Management, and it’s a common call-to-action for IAM and IDaaS services (in fact, Quocirca’s report was sponsored by Ping Identity), but most importantly, it’s true.

Time and time again, we’ve seen organizations that rely solely on firewalls and perimeter-based security fall victim to cyber-attacks that are, at the very least, embarrassing, and at worst, disastrously damaging.

The recent hack of the federal Office of Personnel Management (OPM), for example, was made possible when hackers obtained a credential used by KeyPoint Government Solutions, a third-party contractor that conducts background investigations of applicants for federal jobs that require a security clearance.

In another example, 2013’s infamous Target data breach started in a similar manner when hackers stole a network login from an HVAC contractor working for Target Corporation.

The problem is clear, and in order to address that problem, Quocirca says that organizations must rethink the way they manage identities. According to the Getting to Know You report, just 20 percent of organizations think that their current IAM systems are “fit for purpose.” That means a whopping 80 percent of organizations are lacking confidence in their IAM solutions and are looking to modernize.

The trouble, according to a Quocirca blog post, is that many IAM systems purchased as part of a software stack from a vendor like Oracle, CA, or IBM were designed to deal with “the old way of doing things.”

Full replacement of those legacy systems is often difficult or even impossible, so many organizations are turning to a hybrid approach. The average organization has at least two IAM suppliers, according to Quocirca. More often than not, that second system is a cloud-based SaaS system designed for “provisioning users from a wide range of identity sources to other cloud applications,” says Quocirca. In other words, organizations are hanging onto legacy solutions to handle internal users and are adopting cloud-based IDaaS solutions to handle the ever-expanding perimeter of new customers and third-party users.

Quocirca found that 39 percent of respondents to the Getting to Know You research take a hybrid approach to federated identities, while 53 percent do so for single sign-on; consumer-facing organizations showed higher use percentages in both cases.

Jeff Edwards

One thought on “Identity Is the New Perimeter. Here’s How Businesses Are Adapting”

  1. Ryan G says:

    Identities are the new security perimeter.

    Managing identities, though, requires more than usernames and passwords, or the “WHO” wants access. A good example of a comprehensive approach to managing identities can be seen on the UNIX/Linux side in BoKS ServerControl software.

    In a BoKS example, features allow for granular control over access that can be configured to verify the WHO (username & p/w), but also the WHAT (machine), WHERE (IP address), WHEN (time of day/date), and most importantly…HOW (SSH Access Route) access can be granted to a network.

    If any of the conditions are not met, access is denied by default. This is how BoKS manages “identities”.

    Furthermore, a BoKS type solution would not only address security around access control and identity management, but because of its centralized, least privileged architecture, and ability to “stand alone” without a need for AD or LDAP as an identity store, it simplifies and streamlines account management without adding additional obstacles for administrators to accomplish their day to day duties.
